[Bug 392759] Re: apache2 DoS attack using slowloris

Jonathan Marsden jmarsden at fastmail.fm
Mon Sep 21 01:50:18 BST 2009


Dekar:  Did you actually test this at all?  Please provide some evidence
to support your claims.

You have said that you believe this issue is:

> A real problem, exploitable for many people in a default
> installation. Includes serious remote denial of services,
> local root privilege escalations, or data loss.

The default installation, when one installs apache2 using

  sudo apt-get install apache2

uses the apache2-mpm-prefork module, not apache2-mpm-worker.  The
article by LiraNuna clearly states:

   I assume you are using the threaded version of Apache, else you are
not vulnerable to this type of attack.

Please justify your claims about this being a high priority issue,
affecting many people in the default installation, in the light of this.

More generally, if you believe this to be a significant issue for many
people, rather than making unfounded statements here, please do the
community a service and package the module that you wish to see included
in Ubuntu :)

-- 
apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.



More information about the Ubuntu-server-bugs mailing list